Bitcoin Forum
Author Topic: A challenge to the idea that no-one can create a good brainwallet  (Read 15541 times)
CIYAM (OP)
Ian Knowles - CIYAM Lead Developer


December 21, 2014, 02:44:07 PM
 #61

I have crappy memory so I don't use a brainwallet. Besides, there are much easier ways to keep your money secure. So what's the point?

I guess the point I was trying to make is that although it is a skill (and I like your Parkour analogy) it is still "possible" to create good brainwallets (and I do agree that it is not a common skill and so I do understand not recommending the use of brainwallets for most).

Perhaps it is the sort of "nanny state" attitude that was annoying me (so many people trying to suggest you *can't create a secure brainwallet*) so I just wanted to show people here that I actually *have* a secure brainwallet (funds are still there) and I don't think I am some sort of "freak of nature" for being able to create that.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
gamerholicdotcom
December 21, 2014, 03:03:20 PM
 #62

What does brainwallet mean?
548845
December 21, 2014, 04:11:46 PM
 #63

What does brainwallet mean?

Not sure if trolling but, it is basically what the word means.
A wallet stored in your brain in the form of a 12 word passphrase (as usual).
You basically create a private key to a wallet using a 12 word passphrase.

Remember, 12 words is what is usually used, you can use less or more.
I would advise you to use more and like others said, use words not published anywhere before.
Use slang if you wish, just make sure it's a word not published anywhere before.


EDIT: here: https://brainwallet.github.io/


Soros Shorts
December 21, 2014, 04:37:58 PM
 #64


While both of these statements are somewhat true, neither precludes generation of entropy, and you're ignoring
several important facts.  Namely, that there is a large number of distinct words/thoughts/things
that exist...and while our thoughts may ultimately be deterministic, there is no meaningful way
to predict them.  Furthermore, we all have unique experiences, memories, and brains, so we will
come up with different thoughts.  Even our own selves will come up with different thought patterns
on different days and there is no way to predict them.  Combine that with enough components
to a brain wallet phrase, and high entropy is possible.


This is true. I had a brainwallet that was based on a regular expression to capture the words of a childhood pet phrase into non-sequential capture groups, the actual sequence being based on another number that I remember. I happen to be really good at writing regular expressions so I could just bang it away for any given phrase. I would guess that there are very few rainbow tables out there based on this.

Of course, I no longer use this, having moved on to a more unique method.
franky1
December 21, 2014, 04:38:03 PM
 #65

anyone thinking about using brainwallets i feel that simply typing in 12 words into brainwallet.org is risky. as many people are developing databases of attempted word combinations

for instance:
Quote from: WinstonChurchil
To improve is to change; to be perfect is to change often.

is not unique. and can be predicted within a couple weeks of trying different combinations.

BUT if we were to hash each word first. and then put the result into brainwallet converter.. then it is more secure:

to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
improve=2b35ed6944dd2e8f7462b14096e8969711280dffe1457a680c885a95127e426c
is=fa51fd49abf67705d6a35d18218c115ff5633aec1f9ebfdc9d5d4956416f57f6
to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
change;=dc36e8b61c6627435b26da98200d6eb38a9a6feaeaae7392864b0e53e67f4932
to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
be=46599c5bb5c33101f80cea8438e2228085513dbbb19b2f5ce97bd68494d3344d
perfect=fafe97f7def328bbd4f10779b9625a8aa0bfaa143d7ae64e6f5770e47b51cd1d
is=fa51fd49abf67705d6a35d18218c115ff5633aec1f9ebfdc9d5d4956416f57f6
to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
change=12ea12eace7d655f471ce55e34f89b1b77a3d9d05a445ca82877dd2235beaa51
often.=b0c347a4cd46f0a96e83fa2b63d8611511c5bb5dc986406e88674b3fb3e54ad3

the entropy alone is at least 10 times longer. yet all you have to do is in your mind remember the 12 words and then use a sha encryptor before pasting the result into a brain wallet converter.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
CIYAM (OP)
December 21, 2014, 04:45:52 PM
 #66

Although I am not going to give out any precise clues as to how I created my own brainwallet clearly words that appear in any dictionary are not what you should use (and hashes of dictionary words are really no better).

If you were going to use hashing then you'd want to use "salt" and "rounds" also (and in any case it is not really a "brainwallet" anymore as now you need software to unlock it).

franky1
December 21, 2014, 05:47:06 PM
 #67

Although I am not going to give out any precise clues as to how I created my own brainwallet clearly words that appear in any dictionary are not what you should use (and hashes of dictionary words are really no better).

If you were going to use hashing then you'd want to use "salt" and "rounds" also (and in any case it is not really a "brainwallet" anymore as now you need software to unlock it).


well you need software / website/ code to unlock a brainwallet of basic phrases too..
but my example was not any software.. i just googled "sha encrypt online" much like people would google brainwallet. so there is nothing special required.

but i agree that just hashing a few words is not ideal and that re-hashing and doing other things in between (salt/rounds) before converting to a privkey should be added.

CIYAM (OP)
December 21, 2014, 06:06:07 PM
 #68

well you need software / website/ code to unlock a brainwallet of basic phrases too..

True - but the simpler the software the better (in terms of being able to access your funds even when you are on holidays, etc.).

And being able to sign a tx without being online is an important feature for security IMO.

franky1
December 21, 2014, 06:50:22 PM
 #69

well you need software / website/ code to unlock a brainwallet of basic phrases too..

True - but the simpler the software the better (in terms of being able to access your funds even when you are on holidays, etc.).

And being able to sign a tx without being online is an important feature for security IMO.


whatever software/code you use to create a signed TX already includes the reference libraries/functions of SHA.. so it only takes an extra couple lines of code to turn normal dictionary words into hashed words to increase entropy. all of which can be done offline. i only mentioned that anyone can google online sha encrypt in reference to your reply that it requires extra software.

all i am generally saying is that a straight 12 word dictionary listed words are not as good as hashing the words.. but i agree that adding salt and going through a few rounds to rehash and rehash it over and over again makes chances of people hacking your key even less of a possibility, whilst also making the user still only required to remember 12 words initially.

id say with just 10 lines of code added to any brainwallet utility, whether it's a website, java app, or executable, will strengthen the brainwallet risks without making users have to remember more than 12 words

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
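
The question argued in posts #65 to #69, whether hashing each dictionary word adds entropy and what salt and rounds change, worked through as an added example that is not part of any post. The word list, the salt value and the choice of PBKDF2-HMAC-SHA256 are assumptions of this example.

```python
import hashlib
import itertools
import math

# Constructed sample word list (an assumption): stands in for a public dictionary.
WORDS = ["to", "improve", "is", "change", "be", "perfect", "often"]


def phrases(words, n):
    """Every ordered n-word phrase that can be built from a known word list."""
    return [" ".join(p) for p in itertools.product(words, repeat=n)]


def per_word_sha256(phrase):
    """Scheme from post #65: replace each word with its SHA-256 hex digest."""
    return " ".join(hashlib.sha256(w.encode()).hexdigest() for w in phrase.split())


def guess_space_bits(candidates, transform=lambda s: s):
    """log2 of the number of distinct values left after a public transform."""
    return math.log2(len({transform(c) for c in candidates}))


def stretch(phrase, salt, rounds):
    """Salt and rounds as raised in post #66, here using PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, rounds)


def work_bits(space_bits, rounds):
    """Guess-space bits plus log2 of the hash evaluations each guess costs."""
    return space_bits + math.log2(rounds)


if __name__ == "__main__":
    cands = phrases(WORDS, 3)
    plain = guess_space_bits(cands)
    hashed = guess_space_bits(cands, per_word_sha256)
    # Hashing each word is a fixed one-to-one mapping: the count of possible
    # inputs, and so the entropy, is the same before and after.
    print(f"plain: {plain:.2f} bits, per-word hashed: {hashed:.2f} bits")
    # Rounds multiply the cost of every guess; a salt makes tables built for
    # one salt useless for another.
    print(f"with 2**16 rounds: {work_bits(plain, 2**16):.2f} bits of work")
    print(stretch("to be perfect", b"constructed-salt", 2**16).hex())
```

The longer string produced by per-word hashing changes the length of the input, not the number of phrases it could have come from.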
CIYAM (OP)
December 21, 2014, 06:53:11 PM
 #70

id say with just 10 lines of code added to any brainwallet utility, whether it's a website, java app, or executable, will strengthen the brainwallet risks without making users have to remember more than 12 words

So my guess is that you'd be surprised that my brainwallet requires no such tools and is far less than 12 words (of course there are no dictionary words involved).

It was actually created as a test to see if it would have its funds stolen (I am rather surprised the funds are still there after so much time).

BusyBeaverHP
December 21, 2014, 09:50:49 PM
Last edit: December 21, 2014, 10:11:17 PM by BusyBeaverHP
 #71

I have crappy memory so I don't use a brainwallet. Besides, there are much easier ways to keep your money secure. So what's the point?
The point is that I can cross the border naked and still be worth the private key(s) I control.

I understand that the same thing can be achieved with cloud storage and conventional (bitcoin) wallet, but the personal private key generation is a much more elegant solution that bypasses several entities worth of trust compared to conventional wallets.
BusyBeaverHP
December 21, 2014, 10:06:35 PM
Last edit: December 21, 2014, 10:35:34 PM by BusyBeaverHP
 #72

Most people's brainwallets that failed involved obscure Afrikaans poetry, 1337 substitutions, or some type of wacky human references. Most people don't know how to leverage a hashing algorithm to create an incredible amount of entropy from a simple seed.

With just SHA2, "Bitcoin", and a secret method, for example, a competent person can create a private key with probably as much entropy as SHA2 space allows, thus their brainwallet will be indistinguishable from random noise.

A demonstration:

1. SHA2(Bitcoin) = B4056DF6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4

2. B4056DF6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4 ->
6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4B4056DF

3. SHA2(6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4B4056DF+Bitcoin) =
D551322B778D7BA384DF2FDBE0F0A77F4469C03771780B67D664EAE06F9CB97F

4. And so on...

The possibilities are innumerable.

That said, most people shouldn't do brainwallets because most people are not good at math--and more specifically, probabilities.
Beliathon
December 21, 2014, 10:45:54 PM
 #73

The brain wallet is a tool with unparalleled security, due to the leverage afforded by truly invisible money, that follows you everywhere.

You can go to any computer (or smartphone) in the world and print money, and no one will know you have satoshi. You can do this with any amount of wealth.

Remember Aaron Swartz, a 26 year old computer scientist who died defending the free flow of information.
jonald_fyookball
December 21, 2014, 10:59:33 PM
 #74


The possibilities are innumerable.
 

Yes.

But, so far, I haven't seen a better implementation
than Electrum.  12 words, no other fancy
steps to remember, computer generated
entropy, and 144 bits of security.  (Plus
it's compatible with the electrum wallet.)

BusyBeaverHP
December 21, 2014, 11:24:40 PM
 #75


The possibilities are innumerable.
 

Yes.

But, so far, I haven't seen a better implementation
than Electrum.  12 words, no other fancy
steps to remember, computer generated
entropy, and 144 bits of security.  (Plus
it's compatible with the electrum wallet.)

I use Electrum as well, and evaluating my possibility of remembering a random set of 12 words in the correct order for the rest of my life, I can't guarantee that and will never attempt such things. 2 of 3 physical distribution of the password is the best I can do.

Clustering of relational memory feels a lot more natural to me and will probably last a lifetime.

Overall though, I don't believe in single point of failure, be it human memory or wallet format, which is why I use Bitcoin Core, Electrum, Armory, and a bunch of other stuff...
comp14
December 22, 2014, 03:22:43 AM
 #76

Thanks @CIYAM for bringing this topic to light.

Brainwallet has its pros and cons, but vulnerability to rainbow tables is not one of its cons. In some cases brainwallet provides the best cold storage method out there in the market (except multisig addresses). I have most of my coins in brainwallet.

You don't need to have a good memory skill in order to set up a secure brainwallet. Here is one technique I use to generate private keys.

1. Get 15 random characters and write them down. I use sha256(of some words I don't even remember), then I took the middle 15 characters of the hash value and wrote them down on a paper and on walls, saved them on my cellphone and on my pc, emailed to myself. I don't consider them secret so I have them everywhere.

2. Choose specific date. (it can be the future)

3. Choose a name. (it can be in any culture)

4. Pick one Special character. (eg =.,?/+*&^%$#@)

5. your lucky number.

6. hash them 3 times.


I don't think this technique requires good memory skills.  




jonald_fyookball
December 22, 2014, 03:35:43 AM
 #77

not bad but if someone knows your method and finds your secret 15 chars it's not strong
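
A rough strength estimate for the six-step scheme in post #76 and the objection in post #77, as an added example that is not part of any post. The size assumed for each component (hex characters, a 100-year date window, 100,000 names, numbers 0 to 99) and the 128-bit yardstick are assumptions of this example.

```python
import math

# (component, equally likely choices, secret?). Every size is an assumption made
# for this example; the post gives the steps but not the ranges.
COMPONENTS = [
    ("15 written-down characters", 16 ** 15, False),  # hex digits, kept in the open
    ("date", 365 * 100, True),                        # any day in a 100-year window
    ("name", 100_000, True),                          # assumed size of a name list
    ("special character", 13, True),                  # the 13 listed in step 4
    ("lucky number", 100, True),                      # 0 to 99
]
TARGET_BITS = 128  # assumed yardstick: a uniformly random 128-bit secret


def bits(components, secret_only=True):
    """Sum log2(choices); optionally count only the parts kept secret."""
    return sum(math.log2(n) for _, n, secret in components
               if secret or not secret_only)


def work_bits(space_bits, rounds):
    """Repeated hashing adds log2(rounds) bits of work per guess, no more."""
    return space_bits + math.log2(rounds)


def report(components, rounds):
    """Strength with and without the public part, and the gap to the target."""
    secret = bits(components)
    return {
        "all_parts_bits": round(bits(components, secret_only=False), 2),
        "secret_bits": round(secret, 2),
        "work_bits": round(work_bits(secret, rounds), 2),
        "shortfall_bits": round(TARGET_BITS - work_bits(secret, rounds), 2),
    }


if __name__ == "__main__":
    for key, value in report(COMPONENTS, rounds=3).items():
        print(f"{key}: {value}")
```

Under these assumptions the 15 characters carry most of the total, so treating them as public leaves only the memorised parts, and three rounds of hashing add under two bits.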

blossbloss
December 22, 2014, 03:47:20 AM
 #78

I have read this whole thread with great interest. I am a brainwallet user.  In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy.  Have a look...

https://bitcointalk.org/index.php?topic=350789.0

In the end, I decided to stay away from obfuscation.  I now use a truly random, very high entropy passphrase.  I couple that with a second random and high entropy BIP38 passphrase. My coins are extremely safe.
jonald_fyookball
December 22, 2014, 04:05:59 AM
 #79

I have read this whole thread with great interest. I am a brainwallet user.  In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy.  Have a look...

https://bitcointalk.org/index.php?topic=350789.0

In the end, I decided to stay away from obfuscation.  I now use a truly random, very high entropy passphrase.  I couple that with a second random and high entropy BIP38 passphrase. My coins are extremely safe.


Nice.  Did you ever figure out the dead man drop?
I have my own idea on that one. 

blossbloss
December 22, 2014, 04:09:12 AM
 #80

I have read this whole thread with great interest. I am a brainwallet user.  In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy.  Have a look...

https://bitcointalk.org/index.php?topic=350789.0

In the end, I decided to stay away from obfuscation.  I now use a truly random, very high entropy passphrase.  I couple that with a second random and high entropy BIP38 passphrase. My coins are extremely safe.


Nice.  Did you ever figure out the dead man drop?
I have my own idea on that one. 

I never did figure out a good dead man drop.  I'd love to hear any ideas you are willing to share.